xyno/nix-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add mail for picard, add picard to ds9 proxy

Browse source
This commit is contained in:
Lucy Hochkamp 2025-04-02 18:56:56 +02:00
parent a38e5fd3a9
commit 97220577b9
No known key found for this signature in database
4 changed files with 47 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.helix/languages.toml Normal file
View file

@ -0,0 +1,6 @@
[language-server.nil]
command = "nil"
[[language]]
name = "nix"
formatter = {command = "nixfmt"}
language-servers = [ "nil" ]

6
hosts/picard/default.nix
View file

@ -12,6 +12,7 @@
./xynospace-matrix.nix ./xynospace-matrix.nix
./plausible.nix ./plausible.nix
./obsidianshare.nix ./obsidianshare.nix
./mail.nix
# ./ts-ovpn.nix # ./ts-ovpn.nix
../../nixos-modules/system/persist.nix ../../nixos-modules/system/persist.nix
@ -60,7 +61,7 @@
services.postgresql.package = pkgs.postgresql_13; services.postgresql.package = pkgs.postgresql_13;
systemd.services.caddy.serviceConfig.EnvironmentFile = config.age.secrets.desec.path; systemd.services.caddy.serviceConfig.EnvironmentFile = config.age.secrets.desec.path;
networking.firewall.allowedTCPPorts = [ 80 443 config.services.forgejo.settings.server.SSH_PORT ]; networking.firewall.allowedTCPPorts = [ 80 443 config.services.forgejo.settings.server.SSH_PORT 25 143 465 587 993 ];
networking.firewall.allowedUDPPorts = [ 443 ]; networking.firewall.allowedUDPPorts = [ 443 ];
services.caddy = { services.caddy = {
logFormat = "level INFO"; logFormat = "level INFO";
@ -71,6 +72,9 @@
token "{$TOKEN}" token "{$TOKEN}"
} }
''; '';
virtualHosts."*.hailsatan.eu".extraConfig = ''
reverse_proxy https://j.hailsatan.eu
'';
virtualHosts."*.ragon.xyz".extraConfig = '' virtualHosts."*.ragon.xyz".extraConfig = ''
# @8081 host 8081.ragon.xyz # @8081 host 8081.ragon.xyz
# handle @8081 { # handle @8081 {

36
hosts/picard/mail.nix Normal file
View file

@ -0,0 +1,36 @@
{
pkgs,
config,
lib,
...
}:
{
virtualisation.oci-containers.containers."mail" = {
image = "ghcr.io/docker-mailserver/docker-mailserver:latest";
hostname = "mail.hailsatan.eu";
ports = [
"25:25" # SMTP (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
"143:143" # IMAP4 (explicit TLS => STARTTLS)
"465:465" # ESMTP (implicit TLS)
"587:587" # ESMTP (explicit TLS => STARTTLS)
"993:993" # IMAP4 (implicit TLS)
];
volumes = [
"mail-data:/var/mail/"
"mail-state:/var/mail-state/"
"mail-logs:/var/log/mail/"
"mail-config:/tmp/docker-mailserver/"
"/var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/wildcard_.hailsatan.eu:/srv/tls/meow" # it hates this
];
environment = {
TZ = "Europe/Berlin";
SPOOF_PROTECTION = "1";
LOG_LEVEL = "info";
ENABLE_CLAMAV = "0";
ENABLE_FAIL2BAN = "0";
SSL_TYPE = "manual";
SSL_CERT_PATH = "/srv/tls/meow/wildcard_.hailsatan.eu.crt";
SSL_KEY_PATH = "/srv/tls/meow/wildcard_.hailsatan.eu.key";
};
};
}

1
nixos-modules/cli/default.nix
View file

@ -3,7 +3,6 @@ with lib;
with lib.my; with lib.my;
let let
cfg = config.ragon.cli; cfg = config.ragon.cli;
ragon = config.ragon;
in in
{ {
options.ragon.cli.enable = lib.mkEnableOption "Enables ragons CLI stuff"; options.ragon.cli.enable = lib.mkEnableOption "Enables ragons CLI stuff";